CVE-2003-1095 Information

Description

BEA WebLogic Server and Express 7.0 and 7.0.0.1 when using \memory\ session persistence for web applications does not clear authentication information when a web application is redeployed which could allow users of that application to gain access without having to re-authenticate.

Reference

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp http://www.kb.cert.org/vuls/id/691153 http://www.securityfocus.com/bid/7130 https://exchange.xforce.ibmcloud.com/vulnerabilities/11555